snipcart
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the `@membranehq/cli` package from the public NPM registry. This is an official vendor tool from the author (Membrane) used to manage the integration workflow.
- [COMMAND_EXECUTION]: The skill utilizes several shell commands via the `membrane` CLI to perform authentication, search for connectors, and execute actions against the Snipcart API. These commands are restricted to the functionality provided by the vendor's toolset.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by retrieving and processing external data from Snipcart (such as product descriptions or customer details) which is then placed into the agent's context.
  - Ingestion points: Data retrieved via `membrane action run` and `membrane request` (documented in `SKILL.md`).
  - Boundary markers: None. The skill does not define specific delimiters or instructions for the agent to ignore potentially malicious content within the Snipcart data.
  - Capability inventory: The skill can perform file system operations (via NPM install), network requests, and execute pre-defined actions via the `membrane` CLI.
  - Sanitization: No explicit sanitization or filtering of the retrieved data is mentioned before it is processed by the agent.
Audit Metadata